How to port forward with IPTABLES...
Hi,
How would I set up port forwarding on my firewall below? For example, if I wanted to forward port 8080 to 192.168.0.5. Below is my firewall script. I have eth0 as my outside internet connection, and eth1 as the LAN. Any suggestions on how to improve this script in general would also be appreciated!! :) I'm also using Red Hat 9.0 if this helps. Thanks! Code:
#!/bin/sh
You'll want to add at least the following lines. I'm assuming you want to forward external port 8080 to internal 192.168.0.5 on port 80. I'm also assuming your eth1 is your external interface.
$iptables -A FORWARD -i eth1 -d 192.168.0.5 --protocol tcp --dport 80 -j ACCEPT
$iptables -A PREROUTING -i eth1 -t nat -p tcp --dport 8080 -j DNAT --to 192.168.0.5:80
You really should set up that first line as the following, where $ext_ip is your external IP address assigned to eth1.
$iptables -A PREROUTING -i eth1 -t nat -p tcp -d $ext_ip --dport 8080 -j DNAT --to 192.168.0.5:80
[edit]it seems someone writes faster than me :rolleyes: [/edit]
These are the iptables rules (EXAMPLE) required for port forwarding xxx.xxx.xxx.xxx:8888 to 192.168.0.2:80.
iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx --dport 8888 -j DNAT --to 192.168.0.2:80
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT
T H A N K S !!!
You'll have to forgive me, I'm a bit of a noob when it comes to IPTABLES. That script of yours is pretty shmick looking scrag. If I wanted to use a script based off of yours on my own system, where would I put it?? Thanks heaps in advance!
I have this script saved as a file under /etc/rc.firewall. To load this automatically on boot up you need to add the lines "cd /etc" and "./rc.firewall" to your startup file "/etc/rc.d/rc.local". rc.local is your "load this on boot" file. Hope this helps, as I am typing while I am drunk :) If not, let me know and I'll get back to you tomorrow when I am sober ;)
Can I place the Port Forwarding Section any where in the script?
I have created the following rules to forward BitTorrent, are they correct? Thanks heaps in advance!
#Open Ports
$iptables -A INPUT -p tcp --dport 6881:6889 -j ACCEPT #BT
#Port Forward
$iptables -A FORWARD -i eth1 -d 192.168.0.203 --protocol tcp --dport 6881:6889 -j ACCEPT
$iptables -A PREROUTING -i eth1 -t nat -p tcp --dport 6881:6889 -j DNAT --to 192.168.0.203:6881:6889
My eth0 and eth1 are the same as your own scenario.
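The DNAT plus FORWARD rule pair that the answers above describe, for both the single-port case (8080 to 192.168.0.5:80) and the BitTorrent port-range case, as an added example written by the editor and not by anyone in this thread. It assumes eth0 is the external interface and uses 203.0.113.10 as a made-up external address; by default it only prints the rules (dry run), and it converts a --dport style range such as 6881:6889 into the 6881-6889 form that DNAT --to-destination expects.

```shell
#!/bin/sh
# Added example, not from this thread: build the two rules a port forward needs.
# Dry run by default (prints the commands); run with IPTABLES=iptables as root
# to apply them. 203.0.113.10 is a made-up external address.
IPTABLES="${IPTABLES:-echo iptables}"

# port_forward EXT_IF EXT_IP EXT_PORT INT_IP INT_PORT
# A port may be a single number (8080) or a --dport style range (6881:6889).
port_forward() {
    [ $# -eq 5 ] || { echo "usage: port_forward ext_if ext_ip ext_port int_ip int_port" >&2; return 1; }
    ext_if=$1; ext_ip=$2; ext_port=$3; int_ip=$4; int_port=$5
    # Refuse anything but digits and ':' so a typo never reaches iptables.
    case "$ext_port" in *[!0-9:]*|"") echo "bad external port: $ext_port" >&2; return 1 ;; esac
    case "$int_port" in *[!0-9:]*|"") echo "bad internal port: $int_port" >&2; return 1 ;; esac
    # DNAT --to-destination writes a range as host:6881-6889 (dash, not colon).
    dnat_port=$(printf '%s' "$int_port" | tr ':' '-')
    # 1. nat/PREROUTING: rewrite the destination only for packets that arrive on
    #    the external interface addressed to our own public address.
    $IPTABLES -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p tcp \
        --dport "$ext_port" -j DNAT --to-destination "$int_ip:$dnat_port"
    # 2. filter/FORWARD: allow the rewritten packets through to the LAN host.
    #    -A appends, so call this before any catch-all DROP in the FORWARD chain.
    $IPTABLES -A FORWARD -i "$ext_if" -d "$int_ip" -p tcp \
        --dport "$int_port" -j ACCEPT
}

port_forward eth0 203.0.113.10 8080 192.168.0.5 80                 # single port
port_forward eth0 203.0.113.10 6881:6889 192.168.0.203 6881:6889   # port range
```

Forwarding also needs IP forwarding enabled in the kernel (net.ipv4.ip_forward), which the rules alone do not turn on.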